November 23rd, 2014

Pretty Pretty Pwnies

The latest "month of bugs" trend has started again with the Month of Apple Bugs (MOAB). The first bug is a buffer overflow in the Apple QuickTime rtsp URL handler. Here is the description from the bug information on the MOAB site:

A vulnerability exists in the handling of the rtsp:// URL handler. By supplying a specially crafted string (rtsp:// [random] + semicolon + [299 bytes padding + payload]), an attacker could overflow a stack-based buffer, using either HTML, JavaScript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition.

Note that this affects both the OS X and Windows versions of QuickTime. It doesn't look like there is a patch for this yet, but apparently you can disable the rtsp handler within QuickTime.
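Until a patch lands, one thing a defender can do is flag content that carries an rtsp:// URL shaped like the trigger described above (a semicolon followed by an unusually long tail) before it reaches QuickTime, for example in a proxy filter or a mail gateway. The scanner below is an added example and is not code from the original post or from the MOAB advisory: the URL regex, the sample HTML and the use of the advisory's 299-byte figure as the alert threshold are my assumptions, and the sample content is constructed.

```python
import re
from typing import List, Tuple

# The MOAB description gives the trigger shape as
#   rtsp://[random];[299 bytes padding + payload]
# so this scanner alerts when the segment after the first ';' in an
# rtsp:// URL is at least 299 bytes long. Using that figure as a cutoff
# is an assumption made for this example, not guidance from the advisory.
OVERFLOW_SEGMENT_LEN = 299

# Assumed URL shape: rtsp:// followed by anything up to whitespace, a quote
# or an angle bracket, which covers href/src attributes and QTL XML values.
RTSP_URL_RE = re.compile(r'rtsp://[^\s"\'<>]+', re.IGNORECASE)


def segment_after_semicolon_len(url: str) -> int:
    """Length of the part of the URL after its first ';' (0 if there is none)."""
    _head, sep, tail = url.partition(';')
    return len(tail) if sep else 0


def scan_for_rtsp_overflow(text: str, threshold: int = OVERFLOW_SEGMENT_LEN) -> List[Tuple[str, int]]:
    """Return (url, tail_length) for every rtsp:// URL in `text` whose
    post-semicolon segment is at least `threshold` bytes long."""
    hits: List[Tuple[str, int]] = []
    for match in RTSP_URL_RE.finditer(text):
        url = match.group(0)
        tail_len = segment_after_semicolon_len(url)
        if tail_len >= threshold:
            hits.append((url, tail_len))
    return hits


# Constructed sample: one ordinary streaming link and one URL with a
# 320-byte filler tail after the semicolon (filler only, no payload).
SAMPLE_HTML = (
    '<a href="rtsp://media.example.com/trailer.mov">watch</a>\n'
    '<embed src="rtsp://media.example.com/x;' + 'A' * 320 + '">\n'
)

if __name__ == "__main__":
    for url, n in scan_for_rtsp_overflow(SAMPLE_HTML):
        print(f"suspicious rtsp URL, {n} bytes after ';': {url[:48]}...")
```

The first link produces no alert because it has no semicolon at all; the second is reported with a tail length of 320. A real deployment would log the hit and drop or quarantine the content rather than print it, and would tune the threshold against the traffic it actually sees.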

Here is the official MOAB mascot:

OMG! Pwnies!

“Mac bugs come in pink.” ™

